a10networks / a10-neutron-lbaas

A10 Networks, Openstack Neutron LBaaS Driver
Apache License 2.0

Leaking server ports #463

Open eandersson opened 5 years ago

eandersson commented 5 years ago

In scenarios like with Kubernetes, a single server (IP) may have any number of ports, and in many cases the port will change many, many times over its lifetime.

The problem here is that we never actually remove server ports. We only remove the server if there are no ports referencing it. This may lead to situations like this.

```
_abc38_192_168_88_123_neutron:30074/tcp
_abc38_192_168_88_123_neutron:31205/tcp
_abc38_192_168_88_123_neutron:30920/tcp
_abc38_192_168_88_123_neutron:31853/tcp
_abc38_192_168_88_123_neutron:32022/tcp
_abc38_192_168_88_123_neutron:31662/tcp
_abc38_192_168_88_123_neutron:30053/tcp
_abc38_192_168_88_123_neutron:30025/tcp
_abc38_192_168_88_123_neutron:31146/tcp
_abc38_192_168_88_123_neutron:32044/tcp
_abc38_192_168_88_123_neutron:32102/tcp
_abc38_192_168_88_123_neutron:32512/tcp
_abc38_192_168_88_123_neutron:32262/tcp
_abc38_192_168_88_123_neutron:30069/tcp
_abc38_192_168_88_123_neutron:30899/tcp
......
```

We are testing a fix by adding something like this to the _delete function for members.

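```python
from neutron_lbaas.db.loadbalancer import models as lb_db

# Count the members in the Neutron DB that share this tenant, address and port.
member_with_port = context.session.query(lb_db.MemberV2).filter_by(
    tenant_id=member.tenant_id,
    address=member.address,
    protocol_port=member.protocol_port,
).count()

# A count of 1 means the member being deleted is the only one using the port.
if member_with_port == 1:
    c.client.slb.server.port.delete(server_name,
                                    member.protocol_port,
                                    'tcp')
```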

This would make the _delete function remove the port, but only if it is the last remaining member using that port on the server.
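The rule described in this comment, as an added example that is not part of the original issue or the driver's code: an in-memory model of member deletion with and without the port check. It goes one step further with an audit that lists device ports no member references. `FakeDevice`, `server_name`, `churn` and the tenant id are constructed for illustration, and the member row is assumed to still exist when the count is taken.

```python
# Added example: in-memory model with hypothetical names, not the driver's code.
class FakeDevice:
    """Constructed stand-in for the load balancer: server name -> set of ports."""
    def __init__(self):
        self.servers = {}

    def port_create(self, server, port):
        self.servers.setdefault(server, set()).add(port)

    def port_delete(self, server, port):
        self.servers.get(server, set()).discard(port)

    def server_delete(self, server):
        self.servers.pop(server, None)

def server_name(tenant_id, address):
    # Assumed naming, modelled on the names in the listing above.
    return "_%s_%s_neutron" % (tenant_id[:5], address.replace(".", "_"))

def delete_member(device, members, member, fix=True):
    """Remove one (tenant_id, address, port) row; `members` still contains it."""
    tenant_id, address, port = member
    name = server_name(tenant_id, address)
    if fix and members.count(member) == 1:
        device.port_delete(name, port)      # last member on this port
    if sum(1 for m in members if m[:2] == member[:2]) == 1:
        device.server_delete(name)          # last member on this server
    members.remove(member)

def orphaned_ports(device, members):
    """Audit: ports configured on the device that no member row references."""
    wanted = {(server_name(t, a), p) for t, a, p in members}
    return sorted((s, p) for s, ports in device.servers.items()
                  for p in ports if (s, p) not in wanted)

def churn(fix):
    """Constructed scenario: one address whose port changes, plus a shared port."""
    device, members = FakeDevice(), []
    keep = ("abc38f00", "192.168.88.123", 30074)   # tenant id is constructed
    rows = [keep, keep] + [("abc38f00", "192.168.88.123", p) for p in (31205, 30920)]
    for row in rows:
        members.append(row)
        device.port_create(server_name(*row[:2]), row[2])
    for row in rows[1:]:                    # one reference to port 30074 stays
        delete_member(device, members, row, fix=fix)
    return orphaned_ports(device, members), device.servers
```

`churn(False)` reproduces the leak (ports 30920 and 31205 stay on the device), while `churn(True)` leaves only port 30074, which a second member still references.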

hthompson6 commented 5 years ago

Thanks for providing this fix. I submitted PR #464 for it.